Category: General

The term “internal controls” is a loaded one – it morphs in various ways depending on the context. Sometimes it is a shorthand for financial accounting controls; other times it encompasses a company’s compliance controls (i.e. policies and procedures). OFAC embraced the term to equate with a company’s policies and procedures for sanctions compliance. OFAC recognized that OFAC compliance functions have to begin with the...

OFAC’s new framework guidance for sanctions compliance programs stretched into new territory with its risk assessment requirement. This new approach reflects OFAC’s recent aggressive enforcement programs. In recognition of the importance of various economic sanctions programs, particularly Iran, North Korea and Venezuela, OFAC has laid out some important markers. These enforcement actions, e.g. the Epsilon case (here), and the elf Cosmetics case (here), and the...

If you follow my blog, you know I am not one to embrace hyperbole. So, forgive me for stretching a little here, but the OFAC Framework for Sanctions Compliance Programs is a game changer. Let me explain why I am saying that. When it comes to sanctions compliance programs, most companies are well behind the curve; I am not saying they do nothing, but most...

An audit program of a company’s internal investigation function provides valuable insights for its internal investigation program and the company’s overall ethics and compliance program. It is a critical part of ensuring that a companies speak up culture is adequately supported and promoted by an efficient and reliable internal investigation function. A company learns a lot about its overall operations from its employee complaints and...

As an initial step, an audit of an internal investigation program requires a detailed understanding of the operation of a company’s internal investigation program. In crafting the audit, the first step is to define the relevant universe of investigations. The audit scope will depend on the number of investigations to be review based on the number of investigations and the years to be reviewed. Assuming...

In the compliance idea marketplace, there has been an increased focus on the importance of maintaining an organization’s speak up culture and the importance of a reliable and efficient internal investigation program. From a practical standpoint, if a company has a defective program for encouraging reporting, and conducting timely and efficient investigations, the company is likely to suffer from some serious breakdowns in conduct and...

With the growth of the compliance profession and the importance of compliance functions as part of corporate governance, there has been a significant increase in the quantity and quality of compliance studies and surveys. It takes time to keep up with all the compliance information being developed and released. Here is a quick summary with links to some important new publications in this area: LRN’s...

We are living in rapidly changing times. I know it sounds trite but it is amazing when you witness rapid innovation and change. Even in our narrow corner of life involving ethics and compliance, we can see change occurring right before our eyes. When you review due diligence and third-party risk management, there has certainly been significant advances in capabilities to identify risks, uncover relevant...

All you need in this life is ignorance and confidence, and then success is sure. Mark Twain People are good at convincing themselves that everything is okay, despite troubling indications. Sometimes it is easier to ignore warning signs than to face the harsh reality. It is really a part of the human condition – we fail to intervene or take action unless required to do...

Company managers are the lynchpin of a corporate compliance program. Without belaboring the Tinkers to Evers to Chance baseball analogy, a corporate culture of compliance requires an important information and accountability flow (or cascade) from leadership to senior managers to on-the-ground managers. It is at this level that the compliance message requires effective communications and conduct by managers directly to employees. This is where the...